
Portable App

Now instead of fixing the problem the idiot would rather try and "plug" a hole rather than admit that the AV we have implemented is totally crap.

An AVG PC with an outdated database was able to detect everything on my flash drive.

Anyhow on my workstation AVG is cleaning things up, however there are 2 production servers left which the boss is on my head for.

1st server is running stable at the moment.
2nd server keeps on going into standby mode for some reason. I have checked the power settings etc. and everything is fine; I would assume this is malware-based. Every 20 seconds it will go into standby and will pause the work/scan at hand.

Any ideas how to clean this in a timely manner?

Thanks

The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it. - Albert Einstein

First, don't assume anything. It's not unusual to find concurrent issues
on any given PC, including servers.

Take a good look at the processes and services running on that server.
Google anything that doesn't look familiar. Shaking down a server like
that is a rather more formidable task than doing the same on a desktop.

You might try something like Portable Clamwin to doublecheck for any
viruses. That version is designed to run off a USB stick, but it's easily
copied to a HDD and run from there. It doesn't need a full-blown install
like most AV apps so it's easily installed with a minimum of registry changes.
It's not the greatest AV app, but it does give you a second opinion.

I have seen workstations infected with viruses.......and yes...these can infect certain data areas on a server....

But I still cannot understand how a server becomes infected with a virus without someone using it to read email or surf the world wide web using the all powerful administrator account....which is a nono ...basic security 101

MLF

How people treat you is their karma - how you react is yours. - Wayne Dyer

But I still cannot understand how a server becomes infected with a virus without someone using it to read email or surf the world wide web using the all powerful administrator account....which is a nono ...basic security 101

I believe this was already covered

Originally Posted by Cider

Now instead of fixing the problem the idiot would rather try and "plug" a hole rather than admit that the AV we have implemented is totally crap.

A chain is only as strong as its weakest link. Same goes for networks, and the programs intended to protect them.

CTO

"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein

Now instead of fixing the problem the idiot would rather try and "plug" a hole rather than admit that the AV we have implemented is totally crap.

An AVG PC with an outdated database was able to detect everything on my flash drive.

The server became infected, as Cider believes, because the AV protection they employed was crap and did not do the job..... Much like hiring a night watchman who sleeps on the job - the thieves just slip right by.

Why the server became infected is simply the nature of the www - ?

I think Cider's beef is the fact the id10t would rather apply a fix to the issue now, and give the night watchman a stern talking to - as opposed to replacing them with a more secure, highly thought of product - Trend would be a nice way to go I think.

CTO

"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein

Security is a layered approach that requires commitment at all levels of an organisation. You cannot buy it off a supermarket shelf like a box of breakfast cereals, and there is no "magic bullet" solution, despite what some vendors would like you to believe.

You need to look at what attacked you, how it got there, and how it spread. That will tell you where the gaps are. Fix those gaps and then, and only then, can you publicly execute the culprits.

Please remember that if you have a home user or small business security suite, it is largely pre-configured to provide a reasonable level of protection. Corporate solutions, on the other hand, are generally pretty useless out of the box, as there is no way the vendor can make reasonable assumptions regarding corporate architectures.

If you accept that, then the problem is more likely to be the way that the system was implemented than the product itself. I am sure that you will appreciate this more if you consider firewalls on their own? If you don't know how to set one up, it is worse than useless, as it lulls you into a false sense of security.

MLF has some good questions.............. what was the malware, and what was the server's role?

Please remember that you have an "enemy within" and if you let them bring external crap into the company, read their private e-mail, attach unauthorised devices, install unauthorised software, visit their Facebook or other crap, trade on eBay, and on and on and on............... then just make sure that they know that it is an instant dismissal offence and that they sign up (at least once every 3 months) to the fact that they haven't forgotten that.

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

I haven't read all the posts, I will do so and reply to everyone's post.

Basically, this malware was copying every file in the directory it was in. For instance in the root of C, it would copy every file whether it was a dll, word doc or whatever, it would change it to a .exe. All the files that were created were either 631 KB or 218 KB in size and were modified on the same day.

Basically I uninstalled our AV and put on AVG protection for file servers. This cleaned up everything and landed up with 2.5k infected files. These were the ones that got duplicated.

This is to answer MLF.

Both our servers are logged on with ADMINISTRATOR at all times. Don't ask me why. I believe it started duplicating files on a share that the marketing department uses and then just spread like wildfire.

The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it. - Albert Einstein
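A quick way to triage a share for the pattern Cider describes (every file shadowed by a same-named .exe of about 631 KB or 218 KB, all modified on one day), as an added example that is not from the thread: a Python script that flags .exe files whose stem matches a non-.exe neighbour and whose size is near those values, and tallies their modification dates. The size tolerance, the sample file names and the temp-directory layout are constructed assumptions.

```python
import os
import tempfile
from collections import defaultdict
from datetime import date

SUSPECT_SIZES_KB = (631, 218)  # sizes the thread reports for the copies
SIZE_TOLERANCE_KB = 2          # assumed slack; the exact byte counts are unknown

def find_shadow_exes(root):
    """Walk `root` and return (exe_path, original_path) pairs where an .exe
    shares its stem with a non-.exe file in the same directory and its size
    is close to one of the suspect sizes."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(list)
        for name in files:
            stem, ext = os.path.splitext(name)
            by_stem[stem.lower()].append((name, ext.lower()))
        for entries in by_stem.values():
            exes = [n for n, e in entries if e == ".exe"]
            others = [n for n, e in entries if e != ".exe"]
            for exe in exes:
                exe_path = os.path.join(dirpath, exe)
                size_kb = os.path.getsize(exe_path) / 1024
                if others and any(abs(size_kb - s) <= SIZE_TOLERANCE_KB
                                  for s in SUSPECT_SIZES_KB):
                    hits.extend((exe_path, os.path.join(dirpath, o)) for o in others)
    return hits

def mtime_days(hits):
    """Count hits per modification day; the copies in the thread shared one date."""
    counts = defaultdict(int)
    for exe_path, _orig in hits:
        counts[date.fromtimestamp(os.path.getmtime(exe_path))] += 1
    return dict(counts)

def build_sample_tree():
    """Constructed sample share (not real data): two shadow copies, one lone .exe, one wrong-size twin."""
    root = tempfile.mkdtemp()
    share = os.path.join(root, "marketing")
    os.makedirs(share)
    sizes = {"brochure.doc": 40, "brochure.exe": 631, "prices.xls": 12,
             "prices.exe": 218, "setup.exe": 631, "notes.txt": 3, "notes.exe": 50}
    for name, kb in sizes.items():
        with open(os.path.join(share, name), "wb") as fh:
            fh.write(b"\0" * (kb * 1024))
    return root

def run_demo():
    return sorted(os.path.basename(e) for e, _ in find_shadow_exes(build_sample_tree()))
```

Point `find_shadow_exes` at the marketing share (or the root of C) to get a list of suspect pairs to quarantine, and check that `mtime_days` collapses to a single date before treating the hits as one outbreak.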